Bloc
Introduction
Bloc is mainly made for people who need a safe place for their data, such as movements and activists organizing in risk zones (ARZ), or journalists and whistleblowers who need a safe place to store their documents, evidence, etc.
Security and Details
Resilience
Alongside encryption, our second security layer is the resilience of the storage. The goal is that if a government or a company raids the servers where your instance of Bloc is hosted, you just need to log in with the same username and password on another instance and, like magic, all your files are still there! This will only be achievable using the Polar network (WIP); it is also possible using a self-hosted S3 infrastructure, but Polar is intended to be built over a big network of users and organizations, which makes it harder to shut down.
Encryption
The client application is responsible for encryption and the server is responsible for authentication. We use the Liboxyd library, built as WebAssembly, to run complex encryption functions in the web browser.
Algorithms used:
- ECIES ed25519
- Argon2id
- XChaCha20-Poly1305
- Blake3
User's key pair
The user's key pair is generated with the asymmetric ECIES ed25519 algorithm and is used to decrypt and encrypt the keys of the files.
It is generated in the web browser when a user registers on the Coldwire authentication service or a specific service developed by us.
The private key is stored in the database, but encrypted with XChaCha20-Poly1305 using an Argon2 derivation of the password as the key.
The public key is not encrypted and can be fetched by anyone; it will be used for file transfers and other future features.
User's password
The user's password is hashed with Argon2id and is used to authenticate the user to the application in order to get a JWT.
How are files encrypted?
- A 256-bit key is generated
- The file is encrypted chunk by chunk using XChaCha20-Poly1305 with the generated key
- The key is encrypted with the user's public key using ECIES
- The file is uploaded and the encrypted key is stored in the metadata.
Sharing System
Private
A private share is the way to share files between users of Bloc (it will work between different instances over Polar). This is how it works:
- Bob clicks on "sharing to alice"
- Bob gets Alice's public key from the API
- Bob decrypts the file's key with his private key
- Bob encrypts the file's key using Alice's public key
- The file is added to alice's shared files
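The file-encryption steps and the private-sharing steps above, worked end to end as an added example (not Bloc's or Liboxyd's code). It goes slightly beyond the text by binding each chunk's position into the AEAD associated data, which is an assumption about a sound chunking scheme, not something the page documents. All function names are hypothetical, and the stand-in primitives are named in the first comment.

```javascript
// Added example, not Bloc's code. Stand-ins (assumptions): Node's 12-byte-nonce
// ChaCha20-Poly1305 for XChaCha20-Poly1305, and X25519 + HKDF-SHA256 for ECIES.
const nodeCrypto = require("node:crypto");
const NONCE = 12, TAG = 16, SPKI = 44; // SPKI = DER length of an X25519 public key

function aeadSeal(key, plaintext, aad = Buffer.alloc(0)) {
  const nonce = nodeCrypto.randomBytes(NONCE);
  const c = nodeCrypto.createCipheriv("chacha20-poly1305", key, nonce, { authTagLength: TAG });
  c.setAAD(aad);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, body, c.getAuthTag()]);
}
function aeadOpen(key, box, aad = Buffer.alloc(0)) {
  const d = nodeCrypto.createDecipheriv("chacha20-poly1305", key, box.subarray(0, NONCE), { authTagLength: TAG });
  d.setAAD(aad);
  d.setAuthTag(box.subarray(box.length - TAG));
  return Buffer.concat([d.update(box.subarray(NONCE, box.length - TAG)), d.final()]); // final() throws on tampering
}

// Hypothetical AAD layout: chunk index plus a "last chunk" flag, so a reordered or
// truncated chunk list fails authentication instead of decrypting to a wrong file.
const chunkAad = (n, last) => Buffer.from([n >>> 24, n >>> 16, n >>> 8, n, last ? 1 : 0]);
function encryptFile(data, fileKey, size = 8 /* demo-sized chunks */) {
  const count = Math.max(1, Math.ceil(data.length / size));
  return Array.from({ length: count }, (_, n) =>
    aeadSeal(fileKey, data.subarray(n * size, (n + 1) * size), chunkAad(n, n === count - 1)));
}
function decryptFile(chunks, fileKey) {
  if (chunks.length === 0) throw new Error("no chunks"); // encryptFile always emits at least one
  return Buffer.concat(chunks.map((c, n) => aeadOpen(fileKey, c, chunkAad(n, n === chunks.length - 1))));
}

const der = (pub) => pub.export({ type: "spki", format: "der" });
function kek(priv, pub, ephDer, rcptDer) { // ECDH secret -> key-encryption key
  const shared = nodeCrypto.diffieHellman({ privateKey: priv, publicKey: pub });
  return Buffer.from(nodeCrypto.hkdfSync("sha256", shared, Buffer.concat([ephDer, rcptDer]), "demo-file-key-wrap", 32));
}
function wrapKey(fileKey, rcptPub) { // encrypt the file key to a recipient's public key
  const eph = nodeCrypto.generateKeyPairSync("x25519");
  const ephDer = der(eph.publicKey);
  return Buffer.concat([ephDer, aeadSeal(kek(eph.privateKey, rcptPub, ephDer, der(rcptPub)), fileKey)]);
}
function unwrapKey(wrapped, rcpt) { // rcpt: { publicKey, privateKey }
  const ephDer = wrapped.subarray(0, SPKI);
  const ephPub = nodeCrypto.createPublicKey({ key: ephDer, format: "der", type: "spki" });
  return aeadOpen(kek(rcpt.privateKey, ephPub, ephDer, der(rcpt.publicKey)), wrapped.subarray(SPKI));
}
// Bob re-wraps the same file key for Alice; the encrypted chunks are never touched.
const shareKey = (wrapped, owner, rcptPub) => wrapKey(unwrapKey(wrapped, owner), rcptPub);
```

In this model the server only ever stores the chunks and the wrapped keys; sharing adds one more wrapped key per recipient and never exposes the file key itself.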
Public
For a public share, the current way is just to share the encryption key in a link, but I'm (monoko) thinking about a way to share without leaking the original key; it seems complicated with decryption on the client side.
Roadmap
- Bloc API
- Web application
- Frontend
- Client Side Encryption
- Storage
- Plugins
- Polar Storage
- S3 Storage
- File System Storage
- Database
- Sqlite Driver
- PostgreSQL Driver
- Authentication
- Oauth2 Authentication
- Local Authentication
- Native Client (Rust)
- Using tor/lokinet/onion routed network
- Fuse mounting
Quickstart
You want to contribute to the code?
With Docker
Requirements
- Linux host (virtualized or bare metal)
- 500 MB of free memory
- Docker
- Docker Compose
- Git CLI
Launch Application
$ git clone https://codeberg.org/coldwire/bloc.git
$ cd bloc
(bloc) $ sudo systemctl start docker
(bloc) $ sudo docker-compose -f docker-compose-dev.yml up -d --build
Stop Application
(bloc) $ sudo docker-compose -f docker-compose-dev.yml down
Cleanup
(bloc) $ sudo docker-compose -f docker-compose-dev.yml down
(bloc) $ sudo docker system prune
(bloc) $ sudo docker volume prune
Without docker
Requirements
- Linux host (virtualized or bare metal)
- 500 MB of free memory
- Go
- NodeJS
- Yarn package manager
- Git CLI
# Clone repository
git clone https://codeberg.org/coldwire/bloc && cd bloc
# In a terminal
cd view && npm i && npm run dev # Run frontend server
# In a second terminal
DEV_FRONT_URL=http://127.0.0.1:3000/ go run main.go -config config.toml # Run the backend while proxying requests to the frontend so you can dev without rebuilding the frontend every time :)
You want to deploy Bloc in production?
Config
An example config file can be found here
Building
Just clone the repo and build with Go <1.16
git clone https://codeberg.org/coldwire/bloc && cd bloc
cd view
npm run build
cd ..
go build main.go
Then run it
./main
License
You can find the license here